Site Search Navigation

Site Navigation

Site Mobile Navigation

F.T.C. Fines Google $22.5 Million for Safari Privacy Violations

By Claire Cain Miller August 9, 2012 1:03 pmAugust 9, 2012 1:03 pm

Boris Roessler/European Pressphoto Agency

SAN FRANCISCO — The Federal Trade Commission fined Google $22.5 million on Thursday to settle charges that it had bypassed privacy settings in Apple’s Safari browser to be able to track users of the browser and show them advertisements, and violated an earlier privacy settlement with the agency.

The fine is the largest civil penalty ever levied by the commission, which has been cracking down on tech companies for privacy violations and is also investigating Google for antitrust violations.

“The social contract has to be that if you’re going to hold on to people’s most private data, you have to do a better job of honoring your privacy commitments,” said David C. Vladeck, the director of the commission’s Bureau of Consumer Protection, in a call with reporters. “And if there’s a message the commission is trying to send today, it’s that.”

The commission said Google had broken the terms of a 2011 settlement over privacy missteps related to the Buzz, a social networking tool now defunct. In the settlement Thursday, Google did not admit to violating the law.

A commissioner, J. Thomas Rosch, filed a dissenting statement because he said the commission should not have accepted Google’s denial of liability, which he called “inexplicable.”

Google has said its actions had been unintentional and had resulted from a change in Safari of which Google was unaware. When the issue was brought to the company’s attention, it said, it stopped tracking Safari users and showing them personalized ads.

On the call with reporters, Mr. Vladeck said he had little patience with Google’s explanation, and referred to other privacy violations about which Google has also said it was unaware, like collecting personal data with its Street View cars.

“As a regulator, it is hard to know which answer is worse — I didn’t know or I did it deliberately,” Mr. Vladeck said. “We hope that the civil penalty we’re imposing here today and continued monitoring of Google’s performance by the commission and by others frankly will force Google to have a better sense of what’s going on.”

Some analysts have questioned the commission’s power to effectively police tech companies, which have repeatedly settled privacy violations with the commission. The fine, though large by commission standards, is small for Google. An investigation by ProPublica, published in Wired magazine in June, said federal regulators did not have enough financing or the legal authority to sufficiently monitor and punish tech companies for privacy violations.

Google and other advertising companies use cookies, which are small files that contain information about Web users, to show personalized ads as Internet users travel around the Web. If an Internet user visits fashion Web sites, for instance, Google might show the person ads for clothing companies on other Web sites that person visits.

Safari, unlike other browsers, blocks cookies from ad networks like Google’s. But Google had been exploiting a loophole to avoid the block, install cookies and track Safari users to show them personalized ads.

In a statement, Google said, “We set the highest standards of privacy and security for our users.” The company added that it had “taken steps to remove the ad cookies, which collected no personal information, from Apple’s browsers.”

A version of this article appears in print on 08/10/2012, on page B2 of the NewYork edition with the headline: Google, Accused of Skirting Privacy Provision, Is to Pay $22.5 Million to Settle Charges.